← Legal index

Kapta — list of subprocessors

This list is referenced by the DPA. Last updated: 2026-05-12.

Tenants are given advance written notice before a new subprocessor is added or replaced (DPA § 4.2).

SubprocessorWhat we shareWhyWhere they areTransfer mechanism
FareHarbor (Booking.com)Tenant's booking data (received from FareHarbor → returned to us via the booking-lookup endpoint when we replay)Booking source — the tenant has separately contracted with FareHarbor; Kapta acts on the data already entrusted to FareHarborUnited StatesSCCs in place between the tenant and FareHarbor; Kapta's role is processing-by-passthrough
Stripe (Stripe Payments Europe, Ltd. + Stripe Inc.)Tenant company name, contact email, billing address, VAT ID, payment method tokens (for the tenant — NOT the tenant's customers)Recurring billing for the Kapta subscriptionIreland + United StatesStripe DPA + EU SCCs (2021/914) — Module 3 (processor → sub-processor) for the Stripe Inc. (US) leg, because Kapta acts as processor for the tenant on its billing data. Stripe is also independently a controller for fraud-prevention; per-flow allocation follows stripe.com/legal/dpa
Holded (Eseyfact, S.L.)Tenant's end-customer invoice dataThe tenant's chosen invoicing providerSpainEU — no transfer mechanism needed

Invoicing-provider relationship

The invoicing providers are NOT classical subprocessors in the "recipients we choose" sense — each tenant deliberately picks their provider and gives us an API key. We forward the booking-derived invoice data to whichever provider that tenant chose. The relationship is still listed here because tenants need to know the data flows out of Kapta.

For tenants who haven't chosen a provider, the data simply doesn't leave Kapta.


Source: docs/legal/SUBPROCESSORS.md